QSearchQSearch

CVE-2026-10060

6.3 MEDIUM

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20

Published: 2026-05-29 · Last updated: 2026-06-03

Severity and scoring

CVSS
6.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE
CWE-74, CWE-77

Affected products

VendorProduct
trendnettew-432brp_firmware

Description

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetRoute of the file /goform/formSetRoute. The manipulation of the argument ip/mask/gateway leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-10064 A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20 (6.3 MEDIUM)
  • CVE-2026-10063 A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20 (8.8 HIGH)
  • CVE-2026-10062 A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20 (8.8 HIGH)
  • CVE-2026-10061 A vulnerability was found in TRENDnet TEW-432BRP 3.10B20 (6.3 MEDIUM)

Same CWE

  • CVE-2025-56814 A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding sh... (7.8 HIGH)
  • CVE-2026-12223 A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
  • CVE-2026-12219 A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
  • CVE-2026-12206 A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
  • CVE-2026-12197 A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)